From: Vincent At: 16.11.2015, 13:55 > > On 16 Nov 2015 at 13:50:52, Clemens Klein-Robbenhaar > (c.robbenh...@espresto.com(mailto:c.robbenh...@espresto.com)) wrote: > >> From: Vincent: At 16.11.2015, 13:23 >> [...] >>>> >>>> >>>> Personally I prefer a third option: >>>> - disallow '/' and '\' in page names completely when creating / renaming >>>> pages >>>> - in the UI, if the user enters these characters to add (or rename), scrap >>>> them from the page name, or replace then by '-' (they will still show up >>>> in the title) >>>> and create a new page with the name without the slashes >>>> - make this configureable, like 'xwiki.pagename.forbiddenchars=/\\' >>>> and then people who are able to set up their servlet container to allow >>>> slashes can empty that config variable. >>> This covers only a portion of all the use cases, unless you also want to >>> disable “.”, “:”, “@“, “^” characters in page names because if you don’t >>> then they’ll be escaped in serialized references which can surface in the >>> URL (as shown by http://jira.xwiki.org/browse/XWIKI-11528 and by the URL >>> format I’m proposing for Zip URLs. The reference URL scheme is also >>> affected obviously, see >>> http://design.xwiki.org/xwiki/bin/view/Design/AlternateURLScheme). >> >> I didn't mean to say that with my proposal no URL Encoding or other escaping >> need to happen at all, or no escaping in entity references. >> Of course something like that will need to happen, unless one has a pretty >> long list of "forbidden" stuff, which will not be user-friendly. > > What I meant is that your proposal won’t help unless you also forbid those > characters! :) > > On a personal note, I wouldn’t like to forbid characters in space or page > names. We’ve worked hard to not have to do this. >
I do not like it much either; that is why I proposed to have it configureable, and only contain the characters which are "absolutely necessary". It could even be empty and people have to turn it on if they do not want to configure their servlet containers properly. >> The only part I tried to address is the problem that by default tomcat and >> apache's httpd do not allow slashes - encoded or not - in the URL. >> I am not sure why the other chars come in here now. If they get properly >> escaped / unescaped they should not cause problems. > > I think you missed the fact that these extra characters that I mentioned need > to be escaped when present in serialized references and the escape character > in references is “\” :) > Yes, this part is what I have been missing. Indeed, if you want to use entity references in the URL and them to be "tomcat friendly", you need a different escape character in the URL, which means we are back at proposal 2. > Thanks > -Vincent > Cheers Clemens _______________________________________________ devs mailing list devs@xwiki.org http://lists.xwiki.org/mailman/listinfo/devs
